Embodiments of the present invention relate to policies, and more specifically to techniques for enforcement of policies that utilize information from information sources external to an organization.
The operations of an organization, such as a business, can be quite complex. This complexity creates numerous situations in which activity harmful to the organization can occur. Mistakes and/or fraud can cause an organization significant losses and can subject the organization to incur unnecessary risk. For example, employee fraud can cause an organization to lose money. Misuse of an organization's manufactured products may result in exposure to lawsuits by consumers as well as adverse effects to the organization's image among the consuming public. Even unintentional data entry errors can cause use of significant resources for correction of both the errors and the effects caused by them. In addition to activities within an organization causing harm or subjecting the organization to risk, activities outside of an organization can also have similar effects. The sale of counterfeit goods, for instance, can cause significant effects on an organization's revenue. Grey market goods (goods purchased abroad and sold for less than they could be sold for domestically) can have similar effects on an organization's revenue.
Organizations often invest in various tools to detect activities that can be harmful to their business. The data generated and used by the various systems of an organization, for example, can be monitored in order to quickly detect and address policy violations, thereby minimizing the amount of harm caused by such activities. Various techniques are used to detect unauthorized transactions, to detect unauthorized access to sensitive data and/or systems, and generally to ensure that employees and systems are behaving within allowable parameters. Organizations also spend a significant amount of resources monitoring outside activities, such as the sale of their goods (or of goods purported to be of the organizations) on online auction websites and in other places. Outside activities harmful to an organization can be identified and, if appropriate, stopped, through the use of various techniques and legal processes.
While current techniques for monitoring both internal and external activities can be useful, various complexities and other factors may limit their effectiveness. The Internet, for example, is a vast and complex resource, comprising information sources provided by numerous entities. An organization that sells goods, for instance, may have its products counterfeited and sold through numerous online channels. In addition, activities that are harmful to an organization may not be entirely internal or external, but may involve activities by the organization's employees as well as by others outside the organization, such as by vendors.